WordPress Oxpitan Theme <= 1.3.1 is vulnerable to Local File Inclusion
Software: Oxpitan; Type: Theme; Vulnerable versions: <= 1.3.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-32294; Patch priority: High; CVSS severity: High (8.1); PSID: 95fea536d9dc; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Larson Theme <= 1.5.0 is vulnerable to Local File Inclusion
Software: Larson; Type: Theme; Vulnerable versions: <= 1.5.0; Fixed in: 1.6.0; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High (8.1); PSID: 39f82de60a1f; Credits: Bonds; Required privilege: Unauthenticated; Published...
WordPress Ogami Theme <= 1.53 is vulnerable to Local File Inclusion
Software: Ogami; Type: Theme; Vulnerable versions: <= 1.53; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-31913; Patch priority: High; CVSS severity: High (8.1); PSID: b4ec72647766; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity; Requir...
WordPress Wilmër Theme < 3.4.2 is vulnerable to Local File Inclusion
Software: Wilmër; Type: Theme; Vulnerable versions: < 3.4.2; Fixed in: 3.4.2; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-39494; Patch priority: High; CVSS severity: High (8.1); PSID: 1629a69ca1df; Credits: Bonds; Required privilege: Unauthenticated; Published: 2...
WordPress Enzio - Responsive Business WordPress Theme Theme <= 1.1.8 is vulnerable to Local File Inclusion
Software: Enzio - Responsive Business WordPress Theme; Type: Theme; Vulnerable versions: <= 1.1.8; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-31912; Patch priority: High; CVSS severity: High (8.1); PSID: 99b11ece57d8; Credits: Tran Nguyen Bao...
CVE-2025-4322 Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...
WordPress Crafts & Arts Theme <= 2.5 is vulnerable to PHP Object Injection
Software: Crafts & Arts; Type: Theme; Vulnerable versions: <= 2.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31924; Patch priority: High; CVSS severity: High (8.8); PSID: c2b3d2de486e; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Kaffen Theme <= 1.2.5 is vulnerable to Local File Inclusion
Software: Kaffen; Type: Theme; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High (8.1); PSID: 362157fa6efa; Credits: Bonds; Required privilege: Unauthenticated; Published...
WordPress Grand Tour | Travel Agency WordPress Theme <= 5.5.1 is vulnerable to PHP Object Injection
Software: Grand Tour | Travel Agency WordPress; Type: Theme; Vulnerable versions: <= 5.5.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-39485; Patch priority: High; CVSS severity: High (9.8); PSID: 2dd075a80458; Credits: Bonds; Required privile...
WordPress ITSulu Theme <= 1.4.0 is vulnerable to Local File Inclusion
Software: ITSulu; Type: Theme; Vulnerable versions: <= 1.4.0; Fixed in: 1.5.0; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High (8.1); PSID: 809f0c6a06dd; Credits: Bonds; Required privilege: Unauthenticated; Published...
WordPress Avantage Theme <= 2.4.6 is vulnerable to PHP Object Injection
Software: Avantage; Type: Theme; Vulnerable versions: <= 2.4.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-39495; Patch priority: High; CVSS severity: High (9.8); PSID: 25b40b813078; Credits: Bonds; Required privilege: Unauthenticated; Published...
WordPress Builty Theme <= 1.4.0 is vulnerable to Local File Inclusion
Software: Builty; Type: Theme; Vulnerable versions: <= 1.4.0; Fixed in: 1.5.0; OWASP Top 10: A3: Injection; Classification: Local File Inclusion; CVE: CVE-2025-48290; Patch priority: High; CVSS severity: High (8.1); PSID: 59fa2331d0c1; Credits: Bonds; Required privilege: Unauthenticated; Published...
CVE-2025-32926 WordPress Grand Restaurant WordPress theme <= 7.0 - Path Traversal to PHP Object Injection vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Path Traversal. This issue affects Grand Restaurant: from n/a through <= 7.0...
CVE-2025-39348 WordPress Grand Restaurant WordPress theme <= 7.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection. This issue affects Grand Restaurant: from n/a through <= 7.0...
CVE-2025-39352 WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability
Missing Authorization vulnerability in ThemeGoods Grand Restaurant WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant WordPress: from n/a through 7.0...
CVE-2025-39352 WordPress Grand Restaurant WordPress theme <= 7.0 - Arbitrary Options Deletion vulnerability
Missing Authorization vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Restaurant: from n/a through <= 7.0...
CVE-2025-39366 WordPress wProject theme < 5.8.0 - Subscriber+ Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0...
CVE-2025-39458 WordPress Foton theme <= 2.5.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Foton allows PHP Local File Inclusion. This issue affects Foton: from n/a through 2.5.2...